Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet. |
Registers a 32-bit in-process server DLL. |
Contains characteristics of an identified security risk. |

Technical Details:

Possible Security Risk

Threat Category | Description
 | A potentially unwanted adware program designed to deliver various advertisements to the users' systems

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 | %CommonPrograms%\Screen2Exe\Screen2Exe.lnk | 662 bytes | MD5: 0xA9AAEEBEE6C3EB195CCB9A30D24FFFB2, SHA-1: 0xE291512A7BA5A148F2963E0399FC5D2F27053512 | (not available)
2 | %CommonPrograms%\Screen2Exe\�.lnk | 652 bytes | MD5: 0xFA79D732F0E5BF2745853E0B124F3837, SHA-1: 0x76A74AB898CD5F51C0E7B621C4E39D75E9001B7B | (not available)
3 | %Temp%\isoconfig.tmp | 2,752 bytes | MD5: 0x4D2F824950CDA06C3711DA81A75C596F, SHA-1: 0x24E0DC5C5C549C454A73B4EC7F2945CC6973A23C | (not available)
4 | %Temp%\isoversion.tmp | 128 bytes | MD5: 0x760BB941FF4D8E76EAA3486E094E6569, SHA-1: 0xE50D6C6C386C65520DE7A0C31A4F29783A6822A9 | (not available)
5 | %ProgramFiles%\Screen2Exe\Screen2Exe.exe | 266,240 bytes | MD5: 0x7C5C6961F7443724D14C4212F11FB3FC, SHA-1: 0x7F303A925EE410D278C8F810974D98D9E99E7441 | AdWare.Agent [Ikarus]
6 | %ProgramFiles%\Screen2Exe\Screen2Exe.ini | 29 bytes | MD5: 0x26D67BD1D16D7A12EB8DFA4A6E23C739, SHA-1: 0xED9E5354B083BDB0EEEE81A6860D17ACCDBD7AB6 | (not available)
7 | %ProgramFiles%\Screen2Exe\ScrSelfPlayer.exe | 95,744 bytes | MD5: 0xDFC5E512FA9DB4CB38597284A1E7D09E, SHA-1: 0xC79911349303F56A865924E409440040F8BC4D13 | packed with PE_Patch.UPX [Kaspersky Lab]
8 | %ProgramFiles%\Screen2Exe\unins000.dat | 2,175 bytes | MD5: 0xF1B2C83A407F672619EC4264C689DAAE, SHA-1: 0x085C155CE9E490A48B561DE996156893CA82CA5B | (not available)
9 | %ProgramFiles%\Screen2Exe\unins000.exe | 657,677 bytes | MD5: 0xE30F8ED83BF5BF5BA95E530D284E4285, SHA-1: 0xD443D9883EB1C30BDCD98D0246A29A50DD245E14 | (not available)
10 | %System%\msxmlfilta.dll | 167,936 bytes | MD5: 0x8C2D097BB7202BC9173C3327DED7E900, SHA-1: 0x513D0127485059058D3C87FCC9880C72CC4CE163 | not-a-virus:AdWare.Win32.BHO.hpj [Kaspersky Lab]; Troj/BHO-NE [Sophos]
11 | [file and pathname of the sample #1] | 559,049 bytes | MD5: 0x82FF88CEEAA58ACCE082A4C6CFA07F16, SHA-1: 0x29A73432010CFE71E74BA9F95765C7946EB3D6C8 | not-a-virus:AdWare.Win32.BHO.hpj [Kaspersky Lab]; Gen.Trojan [Ikarus]

Memory Modifications

Module Name | Module Filename | Address Space Details
msxmlfilta.dll | %System%\msxmlfilta.dll | Process name: IEXPLORE.EXE; Process filename: %ProgramFiles%\internet explorer\iexplore.exe; Address space: 0x10000000 - 0x1002A000

Registry Modifications


Other details

China

Remote Host | Port Number
119.147.245.18 | 80
219.153.15.76 | 80

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.